
Example 1 with DefaultSerializationStrategy

Use of org.springframework.security.oauth2.common.util.DefaultSerializationStrategy in the spring-security-oauth project by spring-projects.

From the class JdbcTokenStoreTests, method testGetAccessTokenWithInvalidStoredAuthentication.

// gh-1907
@Test
public void testGetAccessTokenWithInvalidStoredAuthentication() {
    OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request("id", false), new TestAuthentication("test2", false));
    OAuth2AccessToken expectedOAuth2AccessToken = new DefaultOAuth2AccessToken("testToken");
    // Set a custom serialization strategy that writes an invalid OAuth2Authentication object to the database.
    // This way we can verify that JdbcTokenStore.getAccessToken() correctly handles this case and still returns a valid
    // authentication if the serialized representation of Authentication objects has changed.
    DefaultSerializationStrategy newStrategy = new DefaultSerializationStrategy() {

        @Override
        public byte[] serialize(Object state) {
            if (state instanceof OAuth2Authentication) {
                return new byte[0];
            } else {
                return super.serialize(state);
            }
        }
    };
    SerializationStrategy oldStrategy = SerializationUtils.getSerializationStrategy();
    try {
        SerializationUtils.setSerializationStrategy(newStrategy);
        getTokenStore().storeAccessToken(expectedOAuth2AccessToken, expectedAuthentication);
    } finally {
        SerializationUtils.setSerializationStrategy(oldStrategy);
    }
    OAuth2AccessToken actualOAuth2AccessToken = getTokenStore().getAccessToken(expectedAuthentication);
    OAuth2Authentication actualAuthentication = getTokenStore().readAuthentication(expectedOAuth2AccessToken);
    assertEquals(expectedOAuth2AccessToken, actualOAuth2AccessToken);
    assertEquals(expectedAuthentication, actualAuthentication);
}
Also used: CustomOAuth2AccessToken (org.company.oauth2.CustomOAuth2AccessToken), DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken), OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken), CustomOAuth2Authentication (org.company.oauth2.CustomOAuth2Authentication), OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication), DefaultSerializationStrategy (org.springframework.security.oauth2.common.util.DefaultSerializationStrategy), SerializationStrategy (org.springframework.security.oauth2.common.util.SerializationStrategy), WhitelistedSerializationStrategy (org.springframework.security.oauth2.common.util.WhitelistedSerializationStrategy), Test (org.junit.Test)
